iPhone update after ransomware scam locks users out of web browsers
Apple's latest iPhone update fixes a flaw in iOS that allowed hackers to lock users out of the Safari web browser and demand a ransom.
The bug created a scam pop-up that claimed users had been illegally downloading music or pornography, and demanded users pay £100 in iTunes credit.
One of the fake websites had been mocked up to look like an official Metropolitan Police website, and claimed the web browser would be unblocked when a payment was made.
The scam created an endless loop of pop-ups titled "Cannot open page". If users clicked the "OK" button to remove the pop-up, a new one would simply pop up.
Since pop-ups would take up the entire Safari browser, not just individual tabs, the loop effectively locked users out of using the browser unless they knew of a fix to clear website data.
Apple fixed the issue in its latest iOS update, 10.3, which was released on Monday. The flaw was disclosed by security company Lookout, which revealed it after the software update was released.
Tips to secure your iPhone from hackers
iOS 10.3 also includes a new file system that users have noticed makes their phone faster and frees up space. If you haven't downloaded it yet, it can be found by going to the Settings app, then General and Software Update.
The fix means that pop-ups appear on individual tabs, rather than taking over the entire browser. Before it was issued, the only way to get rid of the bug was to clear the iPhone web history in the Settings menu.
Lookout said the attack appeared designs for older versions of iOS, and was activated by JavaScript, a language that is widely used across the web. Many websites have tried to limit use of JavaScript due to security concerns.
iPhone secrets, shortcuts and hidden features you should know about
